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AMENDMENTS TO THE CLAIMS 

Upon entry of this amendment, the following listing of claims will replace all prior 
versions and listings of claims in the pending application. 

IN THE CLAIMS 

Please amend claims 42-45, 48, 49, 51-55, 58, 59, 61 and 62 as follows: 
1-41 (Cancelled). 

42. (Currently Amended) A method for adaptively generating exception rules to rejection rules 
for filtering messages, comprising: 

(a) receiving, by an intermediary device between a client and a server, a first 
message of a first user session, the first message having a first URL component 
comprising a plurality of hierarchically related URL components, the plurality of 
hierarchically related URL components comprising a first URL component and a second 
URL component, the second URL component being a descendant of the first URL 
component; 

(b) rejecting, by the intermediary device, the first message based on a rejection 
rule that rejects messages having the first URL component; 

(c) maintaining, by the intermediary device, a first number of occurrences of user 
sessions each having one or more messages rejected based on t he first URL component-m 
messages received by the intermediary device ; 

(d) maintaining, by the intermediary device, a second number of occurrences of 
user sessions each having one or more messages rejected based on the second URL 
componen t in m e ssages received by the interm e diary d e vic e; 
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(e) determining, by the intermediary device, that a function of the first number ef 
occurrences of user sessions exceeds a threshold and that the second number ef 
occurrences of user sessions does not exceeds-a the threshold; 

(f) generating, by the intermediary device, an exception rule to the rejection rule 
responsive to the determination, the exception rule allowing messages having the first 
URL component to pass; 

(g) receiving, by the intermediary device, a second message of the first user 
session having the first URL component; and 

(h) allowing, by the intermediary device, the second message of the first user 
session to pass between the client and the server based on the exception rule that allows 
messages having the first URL component to pass. 

43. (Currently Amended) The method of claim 42, wherein e xceeding the threshold further ste^ 
(e) comprises determining that having t he first number of user sessions occurrences of tho first 
URL compon e nt in m e ssag e s r e c e iv e d exceedswg the threshold, the first URL component 
having no descendents with a corresponding number of user sessions occurr e nc e s in me s sages 
r e c e iv e d exceeding the threshold. 

44. (Currently Amended) The method of claim 42, fefthe ^wherein step (e) comprisesfflg 
determining that a defining tho function of is a Gum of at least the first number of user sessions 
occurrences and the second number of user sessions occurrences exceeds the threshold . 
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45. (Currently Amended) The method of claim 42 44, further comprising defining the function 
as a function of the first number of ocourroncos user sessions and a number of user sessions 
corresponding to occurrenc e s of each descendant of the first URL component in messages 
received by the intermediary device. 

46. (Previously Presented) The method of claim 42, further comprising defining the threshold as 
a product of a total number of messages over a time interval and a percentage of the messages 
that should be allowed. 

47. (Previously Presented) The method of claim 42, further comprising generating the exception 
rule by inferencing a scalar data type of the descendants of the first URL component. 

48. (Currently Amended) The method of claim 42 44, further comprising defining the function 
as a direct count of the occurrences of user sessions corresponding to the first URL component. 

49. (Currently Amended) The method of claim 42 44, further comprising defining the function 
as a weighted count of the user sessions corresponding to occurr e nces of the first URL 
component. 

50. (Previously Presented) The method of claim 42, further comprising storing, by the 
intermediary device the URL in a trie structure, wherein each URL component of the plurality of 
hierarchically related URL components is associated with a node in the trie structure. 
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51. (Currently Amended) The method of claim £0 44, further comprising storing, by the 
intermediary device the URL in a trie structure and maintaining the function in a node of the trie 
structure associated with the first URL component , wherein each URL component of the 
plurality of hierarchically related URL components is associated with a node in the trie structure . 

52. (Currently Amended) A system for adaptively generating exception rules to rejection rules 
for filtering messages received by an intermediary device, comprising: 

means for receiving a first message of a first user session, the first message 
having a first URL, the first URL comprising a plurality of hierarchically related URL 
components, the plurality of hierarchically related URL components comprising a first 
URL component and a second URL component, the second URL component being a 
descendant of a first URL component, wherein the first message is rejected based on a 
rejection rule that rejects messages having the first URL component; 

means for maintaining a first number of user sessions each having one or more 
messages rejected based on occurrenc e s of the first URL component in me ss ag e s 
r e c e iv e d by the d e vic e, and a second number of user sessions each having one or more 
messages rejected based on occurr e nc e s of t he second URL componen t in messages 
receiv e d by the d e vic e; 

means for determining that a function of the first number of user sessions exceeds 
a threshold occurrences and that the second number of user sessions does not occurrences 
exceeds-a the threshold; and 
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means for generating an exception rule to the rejection rule for the first node 
associated with the first URL component responsive to the determination, the exception 
rule allowing messages having the first URL component to pass; 

means for receiving a second message of the first user session having the first 
URL component; and 

means for allowing the second message of the first user session to pass between 
the client and the server based on the exception rule that allows messages having the first 
URL component to pass. 

53. (Currently Amended) The system of claim 53, wherein exceeding the threshold further 
compri s inge s having means for determining that the first number of user sessions occurrences of 
the first URL component in messages received exceedsmg the threshold, the first URL 
component having no descendents with a corresponding number of user sessions occurrences in 
messages received e xceeding the threshold. 

54. (Currently Amended) The system of claim 53, further comprising wh e r e in th e means for 
determining that a function of is a sum of at least the first number of user sessions occurrences 
and the second number of user sessions occurr e nc e s exceeds the threshold . 

55. (Currently Amended) The method of claim £»54, wherein the function is a function of the 
first number of user sessions occurrences and a number of user sessions corresponding to 
occurrences of each descendant of the first URL component in messages received by the device. 
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56. (Previously Presented) The system of claim 53, wherein the threshold is a product of a total 
number of messages over a time interval and a percentage of the messages that should be 
allowed. 

57. (Previously Presented) The system of claim 53, wherein the exception rule is generated by 
inferencing a scalar data type of the descendants of the first URL. 

58. (Currently Amended) The system of claim 54, wherein the function is a direct count of the 
first number of user sessions corresponding to occurr e nce s of the first URL component. 

59. (Currently Amended) The system of claim 5^54, wherein the function is a weighted count of 
the number of user sessions corresponding to occurroncos of the first URL component. 

J 60. (Previously Presented) The system of claim 53, further comprising means for storing the 

URL in a trie structure such that each URL component of the plurality of hierarchically related 
URL components is associated with a node in the trie structure. 

61. (Currently Amended) The system of claim 6054, further comprising means for storing the 
URL in a trie structure such that each URL component of the plurality of hierarchically related 
URL components is associated with a node in the trie structure, and means for maintaining the 
function in a node of the trie structure associated with the first URL component. 
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62. (Currently Amended) A method for adaptively generating exception rules to rejection rules 
for filtering messages, comprising: 

(a) receiving, by an intermediary device between a client and a server, a first 
message of a first user session, the first message having a first URL component 
comprising a plurality of hierarchically related URL components, the plurality of 
hierarchically related URL components comprising a first URL component and a second 
URL component, the second URL component being a descendant of the first URL 
component; 

(b) rejecting, by the intermediary device, the first message based on a rejection 
rule that rejects messages having the first URL component; 

(c) maintaining, by the intermediary device, a first number of user sessions each 
having one or more messages rejected based on ocourronooo of the first URL component 
in messages received by the intermediary device ; 

(d) maintaining, by the intermediary device, a second number of user sessions 
each having one or more messages rejected based on occurr e nc e s of the second URL 
component in m e ssag e s r e ceiv e d by the int e rm e diary device ; 

(e) determining, by the intermediary device, that a function of the first number of 
user sessions exceeds a threshold occurr e nc e s and the second number of user sessions 
does not occurrences exceeds-a the threshold; 

(f) generating, by the intermediary device, an exception rule to the rejection rule 
responsive to the determination, the exception rule allowing messages having the first 
URL component to pass; 
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(g) receiving, by the intermediary device, a second message of the first user 
session having the first URL component; 

(h) identifying, by the intermediary device, that the second message having the 
first URL component is rejected by the rejection rule; 

(i) determining, by the intermediary device, that the rejection rule has an 
exception rule that may allow a message that has been rejected by the rejection rule to 
pass; and 

(j) allowing, by the intermediary device, the second message of the first user 
session to pass between the client and the server based on the exception rule that allows 
messages having the first URL component to pass. 
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